> 1999?... Protection Nov. 15, 2010
|
|
- Preston Lucas
- 6 years ago
- Views:
Transcription
1 > 1999?... Protection Nov. 15, 2010 Dave Eckhardt Garth Gibson 1 L31_Protection
2 Synchronization Hurdle! Most groups should submit their hurdle form today (A few groups should submit it tomorrow) Be careful! You need to get every part correct. If there is an issue you need to discuss with me, do so right away 2
3 Synchronization Upcoming lectures... Security, security LFS and Flash Transactions Device drivers Exam review Attendance is probably in your best interest 3
4 Synchronization (Spring '11) If you want hands-on experience with tricks of the trade N mini-projects: hints, prefetching, transactions,... Small, intimate class Achievable without panic (Fall '11) If 410 was fun... If you want to do more, If you want to see how it's done in real life, If you want to write real OS code used by real people, Consider
5 Outline Protection (Chapter 14) Protection vs. Security Domains (Unix, Multics) Access Matrix Concept, Implementation Revocation not really covered today (see text) Mentioning EROS [Later lectures: techniques and cracks] 5
6 Protection vs. Security Textbook's distinction Protection happens inside a computer Which parts may access which other parts (how)? Security considers external threats Is the system's model intact or compromised? 6
7 Protection Goals Prevent intentional attacks Prove access policies are always obeyed Detect bugs Wild pointer example Policy specifications System administrators Users - May want to add new privileges to system 7
8 Objects Hardware Exclusive-use: printer, serial port, CD writer,... Fluid aggregates: CPU, memory, disks, screen Logical objects Files Processes TCP port 25 Database tables 8
9 Operations Depend on object! Disk: read_sector(), write_sector() CD-ROM: read_sector(...) TCP port: advertise(...) CPU Conceptually: context_switch(...), <interrupt> More sensibly: realtime_schedule(...,...) 9
10 Access Control Basic access control Your processes should access only your stuff Implemented by many systems 10
11 Access Control Basic access control Your processes should access only your stuff Implemented by many systems Principle of least privilege (text: need-to-know ) cc -c foo.c should read foo.c, stdio.h,... should write foo.o should not write ~/.cshrc This is harder 11
12 Who Can Do What? access right = (object, operations) /etc/passwd, r /etc/passwd, r/w process protection domain P0 de0u, P1 rbd,... protection domain list of access rights de0u (/etc/passwd, r), (/afs/andrew/usr/de0u/.cshrc, w) 12
13 Protection Domain Example Domain 1 Domain 2 /dev/null, read/write /usr/davide/.cshrc, read/write /usr/garth/.cshrc, read /dev/null, read/write /usr/garth/.cshrc, read/write /usr/davide/.cshrc, read 13
14 Using Protection Domains Least privilege requires domain changes Doing different jobs requires different privileges One printer daemon, N users Print each user's file with minimum necessary privileges... 14
15 Using Protection Domains 15 Least privilege requires domain changes Doing different jobs requires different privileges One printer daemon, N users Print each user's file with minimum necessary privileges... Two general approaches Hold constant the process domain mapping Requires domains to add and drop privileges User printer gets & releases permission to read your file Hold constant the privileges of a domain Processes domain-switch between high-privilege, lowprivilege domains Printer process opens file as you, opens printer as printer
16 Protection Domain Models Three sample models Domain = user Domain = process Domain = procedure (other models are possible) 16
17 Domain = User Object permissions depend on who you are All processes you are running share privileges Privilege adjustment? Log off, log on (i.e., domain switch) 17
18 18 Domain = Process Resources managed by special processes Printer daemon, file server process,... Privilege adjustment? Objects cross domain boundaries via IPC Please send these bytes to the printer /* concept only; pieces missing */ s = socket(af_unix, SOCK_STREAM, 0); connect(s, pserver, sizeof pserver); mh->cmsg_type = SCM_RIGHTS; mh->cmsg_len[0] = open( /my/file, 0, 0); sendmsg(s, &mh, 0);
19 Domain = Procedure Processor limits access at fine grain Hardware protection on a per-variable basis! Domain switch Inter-domain procedure call nr = print(strlen(buf), buf); What is the correct domain for print()? Access to OS's data structures Permission to call OS's internal putbytes() Permission to read user's buf 19
20 Domain = Procedure 20 Processor limits access at fine grain Hardware protection on a per-variable basis! Domain switch Inter-domain procedure call nr = print(strlen(buf), buf); What is the correct domain for print()? Access to OS's data structures Permission to call OS's internal putbytes() Permission to read user's buf Ideally, correct domain automatically created by hardware Common case: user mode vs. kernel mode» Only a rough approximation of the right domain» But simple for hardware to implement
21 Unix setuid concept Assume Unix protection domain numeric user id Not the whole story! This overlooks: Group id, group vector Process group, controlling terminal Superuser But let's pretend for today Domain switch via setuid executable Special permission bit set with chmod u+s file Meaning: exec() sets uid to executable file's owner Gatekeeper programs lpr run by anybody can access printer's queue files 21
22 Access Matrix Concept Concept Formalization of who can do what Basic idea Store all permissions in a matrix One dimension is protection domains Other dimension is objects Entries are access rights 22
23 Access Matrix Concept D1 D2 D3 D4 File1 File2 File3 Printer rwxd r r rwxd w rwxd rwxd rwxd w r r r 23
24 Access Matrix Details OS must still define process domain mapping OS must define, enforce domain-switching rules Ad-hoc approach Special domain-switch rules (e.g., log off/on) Can encode domain-switch in access matrix! Switching domains is a privilege like any other... Add domain columns (domains are objects) Add switch-to rights to domain objects» D2 processes can switch to D1 at will Subtle (dangerous) 24
25 Adding Switch-Domain Rights D1 D2 D3 D4 File1 File2 File3 D1 rwxd r r rwxd s rwxd rwxd rwxd r r r 25
26 Updating the Matrix Ad-hoc approach System administrator can update matrix Matrix approach Add copy rights to objects Domain D1 may copy read rights for File2 So D1 can give D2 the right to read File2 26
27 Adding Copy Rights D1 D2 D3 D4 File1 File2 File3 rwxdr r r rwxd rwxd rwxd rwxd r r r 27
28 Adding Copy Rights D1 D2 D3 D4 File1 File2 File3 rwxdr r r r rwxd rwxd rwxd rwxd r r r 28
29 Updating the Matrix Add owner rights to objects D1 has owner rights for O47 D1 can modify the O47 column at will Can add, delete rights to O47 from all other domains Add control rights to domain objects D1 has control rights for D2 D1 can modify D2's rights to any object D1 may be teacher, parent,... 29
30 Access Matrix Implementation Implement matrix via matrix? Huge, messy, slow Very clumsy for... world readable file Need one entry per domain Must fill rights in when creating new domain private file Lots of blank squares» Can Alice read the file? - No» Can Bob read the file? - No» Two typical approaches ACL, capabilities
31 Access Control List File1 D1 D2 r D3 rwxd D4 r 31
32 Access Control List (ACL) 32 List per matrix column (object) de0u, read; bmm, read+write Naively, domain = user AFS ACLs domain = user, user:group, system:anyuser, machine list (system:campushost) positive rights, negative rights de0u:staff rlid nwf -id Doesn't really do least privilege System stores many privileges per user, permanently...
33 Capability List D1 File1 File2 File3 rwxdr r 33
34 Capability Lists 34 Capability Lists List per matrix row (domain) Naively, domain = user More typically, domain = process Permit least privilege Domains can transfer & forget capabilities Possible to create just right domains» cc which can't write to.cshrc Bootstrapping problem Who gets which rights at boot? Who gets which rights at login? Typical solution: store capability lists in files somehow
35 Mixed Approach Permanently store ACL for each file Must fetch ACL from disk to access file ACL fetch & evaluation may be long, complicated open() checks ACL, creates capability Process 33 has read-only access to vnode #5894 Records access rights for this process Quick verification on each read(), write() Result: per-process fd table caches results of ACL checks 35
36 Internal Protection? Understood so far: Which user process should be allowed to access what? Job performed by OS How to protect OS code, data from user processes Hardware user/kernel boundary Can we do better? Can we protect parts of the OS from other parts? 36
37 Traditional OS Layers User Program Print Queue File System Page System Disk Device Driver 37
38 Traditional OS Layers Smaller Simpler More Critical User Program Print Queue File System Page System Disk Device Driver 38
39 Traditional OS Layers Equally Trusted!! User Program Print Queue File System Page System Disk Device Driver 39
40 Traditional OS Layers Wild Pointer Access User Program Print Queue File System Page System Disk Device Driver 40
41 Multics Multics = Multiplexed Information and Computing Service Plan: information utility Mainframe per city Designed to scale Many users, many programmers Protection seen as a key ingredient of reliability 41
42 Multics Approach Trust hierarchy Small simple very-trusted kernel Main job: access control Goal: prove it correct Privilege layers (nested rings )... Ring 0 = kernel, inside every other ring Ring 1 = operating system core Ring 2 = operating system services Ring 7 = user programs 42
43 Multics Ring Architecture Segmented virtual address space Print module may contain Entry points in a code segment» list_printers(), list_queue(), enqueue(),... Data segment» List of printers, accounting data, queues Segment file (segments persist across reboots) VM permissions focus on segments, not pages Access checked by hardware Which procedures can you call? Is access to that segment's data legal? 43
44 Multics Rings Kernel Disk Page Store File System 44
45 Multics Rings Wild Pointer Access Kernel Disk Page Store File System 45
46 Multics Rings Fault Wild Pointer Access Kernel Disk Page Store File System 46
47 Multics Domain Switching CPU has current ring number register Current privilege level, [0..7] 47 Segment descriptors include Traditional stuff Segment's limit (size) Segment's base in physical memory Ring number Access bracket [min, max] Segment appears in ring min...ring max Access bits (read, write, execute) Entry limit List of gates (procedure entry points)
48 Multics Domain Switching Every procedure call is a potential domain switch Calling a procedure at current privilege level? Just call it Calling a more-privileged procedure? Call mechanism checks entry point is legal We enter more-privileged mode Called procedure can read & write all of our data Calling a less-privileged procedure? We want to show it some of our data (procedure params) We don't want it to modify our data 48
49 Multics Domain Switching min <= current-ring <= max We are executing in ring 3 Procedure is part of rings 2..4 Standard procedure call 49
50 Multics Domain Switching 50 current-ring > max Calling a more-privileged procedure It can do whatever it wants to us Implementation Hardware traps to ring 0 permission-management kernel Ring 0 checks current-ring < entry-limit User code may be forbidden to call ring 0 directly Checks call address is a legal entry point Less-privileged code can't jump into middle of a procedure Sets current-ring to segment-ring Privilege elevation after consulting callee's rules Runs procedure call
51 Multics Domain Switching current-ring < min Calling a less-privileged procedure Implementation Trap to ring 0 permission-management kernel Ring 0 copies privileged procedure call parameters Must be in low-privilege segment for callee to access Sets current-ring to segment-ring Privilege lowering callee gets r/o access to carefully chosen privileged state Runs procedure call 51
52 Multics Ring Architecture Does this look familiar? Benefits Concerns It should really remind you of something... Core security policy small, centralized Damage limited vs. Unix superuser ' model Hierarchy least privilege Requires specific hardware Performance (maybe) 52
53 More About Multics Back to the future Symmetric multiprocessing Hierarchical file system (access control lists) Memory-mapped files Hot-pluggable CPUs, memory, disks 1969!!! Significant influence on Unix Ken Thompson was a Multics contributor The One True OS In use
54 Mentioning EROS Text mentions Hydra, CAP Late 70's, early 80's Dead EROS ( Extremely Reliable Operating System ) UPenn, Johns Hopkins Based on commercial GNOSIS/KeyKOS OS Arguably less dead (see below) 54
55 EROS Overview Pure capability system ACLs considered harmful Pure principle system Don't compromise principle for performance Aggressive performance goal Domain switch ~100X procedure call Unusual approach to capability-bootstrap problem Persistent processes! 55
56 Persistent Processes?? No such thing as reboot Processes last forever (until exit) OS kernel checkpoints system state to disk Memory & registers defined as cache of disk state Restart restores system state into hardware Login reconnects you to your processes 56
57 EROS Objects Disk pages capabilities: read/write, read-only Capability nodes Numbers Arrays of capabilities Protected capability ranges Disk pages Process executable node 57
58 EROS Revocation Stance Really revoking access is hard The user could have copied the file Don't give out real capabilities Give out proxy capabilities Then revoke however you wish Verdict Not really satisfying Unclear there is a better answer Palladium/ trusted computing isn't clearly better 58
59 EROS Quick Start essays/ reliability/paper.html capintro.html wherefrom.html ACLSvCaps.html Current status EROS code base transitioned to CapROS.org Follow-on research project at Coyotos.org 59
60 Concept Summary 60 Object Domain Operations Switching Capabilities Revoking is hard, see text Protection vs. security Protection is what our sysadmin hopes is happening... Further reading? PLASH - principle of least authority shell for Linux
> 1999?... Protection Apr. 23, 2007
15-410...1969 > 1999?... Protection Apr. 23, 2007 Dave Eckhardt Bruce Maggs 1 L35_Protection Synchronization Thank you for your P3extra/P4 registrations Expect hand-in directories today 15-412 (Fall '07)
More informationProtection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger
Protection CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ Protection Protect yourself from untrustworthy users in a common space They may try to access your resources Or modify
More informationProtection Kevin Webb Swarthmore College April 19, 2018
Protection Kevin Webb Swarthmore College April 19, 2018 xkcd #1200 Before you say anything, no, I know not to leave my computer sitting out logged in to all my accounts. I have it set up so after a few
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2004 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationToday: Protection. Protection
Today: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection 1 Protection Operating
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2002 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationChapter 13: Protection. Operating System Concepts Essentials 8 th Edition
Chapter 13: Protection Operating System Concepts Essentials 8 th Edition Silberschatz, Galvin and Gagne 2011 Chapter 13: Protection Goals of Protection Principles of Protection Domain of Protection Access
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationChapter 14: Protection. Operating System Concepts 9 th Edition
Chapter 14: Protection Silberschatz, Galvin and Gagne 2013 Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access
More informationExplicit Information Flow in the HiStar OS. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières
Explicit Information Flow in the HiStar OS Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières Too much trusted software Untrustworthy code a huge problem Users willingly run malicious
More informationArvind Krishnamurthy Spring Implementing file system abstraction on top of raw disks
File Systems Arvind Krishnamurthy Spring 2004 File Systems Implementing file system abstraction on top of raw disks Issues: How to find the blocks of data corresponding to a given file? How to organize
More informationModule 19: Protection
Module 19: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Operating System
More informationLecture 3: O/S Organization. plan: O/S organization processes isolation
6.828 2012 Lecture 3: O/S Organization plan: O/S organization processes isolation topic: overall o/s design what should the main components be? what should the interfaces look like? why have an o/s at
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationPolicy vs. Mechanism. Example Reference Monitors. Reference Monitors. CSE 380 Computer Operating Systems
Policy vs. Mechanism CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms q Access control policy is a specification
More informationToday: Protection! Protection!
Today: Protection! Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Lecture 27, page
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationCSE 380 Computer Operating Systems
CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms 1 Policy vs. Mechanism q Access control policy is a specification
More informationOperating Systems. Introduction & Overview. Outline for today s lecture. Administrivia. ITS 225: Operating Systems. Lecture 1
ITS 225: Operating Systems Operating Systems Lecture 1 Introduction & Overview Jan 15, 2004 Dr. Matthew Dailey Information Technology Program Sirindhorn International Institute of Technology Thammasat
More informationThe cow and Zaphod... Virtual Memory #2 Feb. 21, 2007
15-410...The cow and Zaphod... Virtual Memory #2 Feb. 21, 2007 Dave Eckhardt Bruce Maggs 1 L16_VM2 Wean Synchronization Watch for exam e-mail Please answer promptly Computer Club demo night Thursday (2/22)
More informationSilberschatz and Galvin Chapter 19
Silberschatz and Galvin Chapter 19 Protection CPSC 410--Richard Furuta 4/26/99 1 Protection Goals of protection schemes Domain of protection Mechanisms Ð access matrix implementation of access matrix revocation
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationLast 2 Classes: Introduction to Operating Systems & C++ tutorial. Today: OS and Computer Architecture
Last 2 Classes: Introduction to Operating Systems & C++ tutorial User apps OS Virtual machine interface hardware physical machine interface An operating system is the interface between the user and the
More informationAccess Control. Steven M. Bellovin September 13,
Access Control Steven M. Bellovin September 13, 2016 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationCS 153 Design of Operating Systems Winter 2016
CS 153 Design of Operating Systems Winter 2016 Lecture 17: Paging Lecture Overview Recap: Today: Goal of virtual memory management: map 2^32 byte address space to physical memory Internal fragmentation
More informationQualifying exam: operating systems, 1/6/2014
Qualifying exam: operating systems, 1/6/2014 Your name please: Part 1. Fun with forks (a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always
More informationCSC 2405: Computer Systems II
CSC 2405: Computer Systems II Dr. Mirela Damian http://www.csc.villanova.edu/~mdamian/csc2405/ Spring 2016 Course Goals: Look under the hood Help you learn what happens under the hood of computer systems
More informationModule 19: Protection
Module 19: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection 19.1 Protection
More informationProcess Time. Steven M. Bellovin January 25,
Multiprogramming Computers don t really run multiple programs simultaneously; it just appears that way Each process runs to completion, but intermixed with other processes Process 1 6 ticks Process 2 Process
More informationAdministrative Details. CS 140 Final Review Session. Pre-Midterm. Plan For Today. Disks + I/O. Pre-Midterm, cont.
Administrative Details CS 140 Final Review Session Final exam: 12:15-3:15pm, Thursday March 18, Skilling Aud (here) Questions about course material or the exam? Post to the newsgroup with Exam Question
More informationOperating Systems. Operating System Structure. Lecture 2 Michael O Boyle
Operating Systems Operating System Structure Lecture 2 Michael O Boyle 1 Overview Architecture impact User operating interaction User vs kernel Syscall Operating System structure Layers Examples 2 Lower-level
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: John Mitchell Basic idea: Isolation A Seaman's Pocket-Book, 1943 (public domain) http://staff.imsa.edu/~esmith/treasurefleet/treasurefleet/watertight_compartments.htm
More informationP1L5 Access Control. Controlling Accesses to Resources
P1L5 Access Control Controlling Accesses to Resources TCB sees a request for a resource, how does it decide whether it should be granted? Authentication establishes the source of a request Authorization
More informationSecure Architecture Principles
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel 1 Secure
More informationCSE543 - Introduction to Computer and Network Security. Module: Operating System Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security An secure OS should provide (at least) the following mechanisms Memory protection
More informationToday: Protection. Sermons in Computer Science. Domain Structure. Protection
Sermons in Simplicity Performance Programming as Craft Information is Property Stay Broad Ack: Tom Anderson, U. Washington Today: Protection Goals of Protection Domain of Protection Access Matrix Implementation
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationW4118 Operating Systems. Junfeng Yang
W4118 Operating Systems Junfeng Yang What is a process? Outline Process dispatching Common process operations Inter-process Communication What is a process Program in execution virtual CPU Process: an
More informationESE 333 Real-Time Operating Systems 163 Review Deadlocks (Cont.) ffl Methods for handling deadlocks 3. Deadlock prevention Negating one of four condit
Review Deadlocks ffl Non-sharable resources ffl Necessary conditions for a deadlock to occur 1. Mutual exclusion 2. Hold and wait 3. No preemption 4. Circular wait ffl Resource graph ffl Use resource graph
More informationCOS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy
Topics COS 318: Operating Systems File Systems hierarchy File system abstraction File system operations File system protection 2 Traditional Data Center Hierarchy Evolved Data Center Hierarchy Clients
More informationProcesses & Threads. Recap of the Last Class. Layered Structure. Virtual Machines. CS 256/456 Dept. of Computer Science, University of Rochester
Recap of the Last Class Processes & Threads CS 256/456 Dept. of Computer Science, University of Rochester Hardware protection kernel and mode System components process management, memory management, I/O
More informationCS 5460/6460 Operating Systems
CS 5460/6460 Operating Systems Fall 2009 Instructor: Matthew Flatt Lecturer: Kevin Tew TAs: Bigyan Mukherjee, Amrish Kapoor 1 Join the Mailing List! Reminders Make sure you can log into the CADE machines
More informationStorage and File System
COS 318: Operating Systems Storage and File System Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Topics Storage hierarchy File
More informationProcesses & Threads. Recap of the Last Class. Microkernel System Architecture. Layered Structure
Recap of the Last Class Processes & Threads CS 256/456 Dept. of Computer Science, University of Rochester Hardware protection kernel and user mode System components process management, memory management,
More informationIntroduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras
Introduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras Week - 01 Lecture - 03 From Programs to Processes Hello. In
More informationIntroduction to OS. Introduction MOS Mahmoud El-Gayyar. Mahmoud El-Gayyar / Introduction to OS 1
Introduction to OS Introduction MOS 1.1 1.3 Mahmoud El-Gayyar elgayyar@ci.suez.edu.eg Mahmoud El-Gayyar / Introduction to OS 1 Why an Operating Systems course? Understanding of inner workings of systems
More informationAccess Control. Steven M. Bellovin September 2,
Access Control Steven M. Bellovin September 2, 2014 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 10: Paging Geoffrey M. Voelker Lecture Overview Today we ll cover more paging mechanisms: Optimizations Managing page tables (space) Efficient
More informationLecture 2: Architectural Support for OSes
Lecture 2: Architectural Support for OSes CSE 120: Principles of Operating Systems Alex C. Snoeren HW 1 Due Tuesday 10/03 Why Architecture? Operating systems mediate between applications and the physical
More informationSecure Architecture Principles
CS 155 Spring 2017 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Secure Architecture Principles Isolation
More informationOperating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.
Operating Systems Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring 2014 Paul Krzyzanowski Rutgers University Spring 2015 April 22, 2015 2015 Paul Krzyzanowski 1 Question 1 A weakness of using
More informationCS 416: Operating Systems Design April 22, 2015
Question 1 A weakness of using NAND flash memory for use as a file system is: (a) Stored data wears out over time, requiring periodic refreshing. Operating Systems Week 13 Recitation: Exam 3 Preview Review
More informationOutline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines
Outline Operating System Security CS 239 Computer Security February 23, 2004 Introduction Memory protection Interprocess communications protection File protection Page 1 Page 2 Introduction Why Is OS Security
More informationLINUX OPERATING SYSTEM Submitted in partial fulfillment of the requirement for the award of degree of Bachelor of Technology in Computer Science
A Seminar report On LINUX OPERATING SYSTEM Submitted in partial fulfillment of the requirement for the award of degree of Bachelor of Technology in Computer Science SUBMITTED TO: www.studymafia.org SUBMITTED
More informationWe ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?
We ve seen: Protection: ACLs, Capabilities, and More Some cryptographic techniques Encryption, hashing, types of keys,... Some kinds of attacks Viruses, worms, DoS,... And a distributed authorization and
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 4: Access Control Eran Tromer 1 Slides credit: John Mitchell, Stanford course CS155, 2010 Access control Assumptions System knows
More informationToday: Computer System Overview (Stallings, chapter ) Next: Operating System Overview (Stallings, chapter ,
Lecture Topics Today: Computer System Overview (Stallings, chapter 1.1-1.8) Next: Operating System Overview (Stallings, chapter 2.1-2.4, 2.8-2.10) 1 Announcements Syllabus and calendar available Consulting
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Fall 2016 Lecture 2: Architectural Support for Operating Systems Geoffrey M. Voelker Administrivia Project 0 Due 10/4, done individually Homework #1 Due 10/6 Project
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 2: Architectural Support for Operating Systems Geoffrey M. Voelker Administrivia Project 0 Due 4/9 11:59pm, done individually Homework #1 Due
More informationArchitecture and OS. To do. q Architecture impact on OS q OS impact on architecture q Next time: OS components and structure
Architecture and OS To do q Architecture impact on OS q OS impact on architecture q Next time: OS components and structure Computer architecture and OS OS is intimately tied to the hardware it runs on
More informationLecture 2 Fundamental OS Concepts. Bo 2018, Spring
Lecture 2 Fundamental OS Concepts Bo Tang @ 2018, Spring Our Roadmap Computer Organization Revision Kernel Data Structures in OS OS History Four fundamental OS concepts Thread Address space (with translation)
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationCS 167 Final Exam Solutions
CS 167 Final Exam Solutions Spring 2018 Do all questions. 1. [20%] This question concerns a system employing a single (single-core) processor running a Unix-like operating system, in which interrupts are
More informationMon Sep 17, 2007 Lecture 3: Process Management
Mon Sep 17, 2007 Lecture 3: Process Management September 19, 2007 1 Review OS mediates between hardware and user software QUIZ: Q: Name three layers of a computer system where the OS is one of these layers.
More informationDesign Overview of the FreeBSD Kernel CIS 657
Design Overview of the FreeBSD Kernel CIS 657 Organization of the Kernel Machine-independent 86% of the kernel (80% in 4.4BSD) C code Machine-dependent 14% of kernel Only 0.6% of kernel in assembler (2%
More informationDesign Overview of the FreeBSD Kernel. Organization of the Kernel. What Code is Machine Independent?
Design Overview of the FreeBSD Kernel CIS 657 Organization of the Kernel Machine-independent 86% of the kernel (80% in 4.4BSD) C C code Machine-dependent 14% of kernel Only 0.6% of kernel in assembler
More informationCSE 120 Principles of Operating Systems Spring 2017
CSE 120 Principles of Operating Systems Spring 2017 Lecture 12: Paging Lecture Overview Today we ll cover more paging mechanisms: Optimizations Managing page tables (space) Efficient translations (TLBs)
More informationOperating Systems CMPSCI 377 Spring Mark Corner University of Massachusetts Amherst
Operating Systems CMPSCI 377 Spring 2017 Mark Corner University of Massachusetts Amherst Last Class: Intro to OS An operating system is the interface between the user and the architecture. User-level Applications
More informationCS 392/681 - Computer Security. Module 5 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 5 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm next Thursday!!! Read Chapter 2 and 15 of text 10/15/2002 Module 5 - Access Control
More informationG54ADM Sample Exam Questions and Answers
G54ADM Sample Exam Questions and Answers Question 1 Compulsory Question (34 marks) (a) i. Explain the purpose of the UNIX password file. (2 marks) ii. Why doesn t the password file contain passwords? (2
More informationComputer Architecture Background
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 2b Computer Architecture Background Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical & Computer Engineering
More informationOPERATING SYSTEMS. After A.S.Tanenbaum, Modern Operating Systems, 3rd edition. Uses content with permission from Assoc. Prof. Florin Fortis, PhD
OPERATING SYSTEMS #2 After A.S.Tanenbaum, Modern Operating Systems, 3rd edition Uses content with permission from Assoc. Prof. Florin Fortis, PhD INTRODUCTION Operating systems structure OPERATING SYSTEM
More informationCS 326: Operating Systems. Process Execution. Lecture 5
CS 326: Operating Systems Process Execution Lecture 5 Today s Schedule Process Creation Threads Limited Direct Execution Basic Scheduling 2/5/18 CS 326: Operating Systems 2 Today s Schedule Process Creation
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More informationArchitectural Support for Operating Systems
Architectural Support for Operating Systems Today Computer system overview Next time OS components & structure Computer architecture and OS OS is intimately tied to the hardware it runs on The OS design
More informationOperating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008
Operating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008 Page 1 Outline Designing secure operating systems Assuring OS security TPM and trusted computing Page 2 Desired
More informationOS structure. Process management. Major OS components. CSE 451: Operating Systems Spring Module 3 Operating System Components and Structure
CSE 451: Operating Systems Spring 2012 Module 3 Operating System Components and Structure Ed Lazowska lazowska@cs.washington.edu Allen Center 570 The OS sits between application programs and the it mediates
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationLast Class: Memory management. Per-process Replacement
Last Class: Memory management Page replacement algorithms - make paging work well. Random, FIFO, MIN, LRU Approximations to LRU: Second chance Multiprogramming considerations Lecture 17, page 1 Per-process
More informationArchitectural Support for Operating Systems
OS and Architectures Architectural Support for Operating Systems Emin Gun Sirer What an OS can do is dictated, at least in part, by the architecture. Architecture support can greatly simplify (or complicate)
More informationVirtual Memory #3 Oct. 10, 2018
15-410...The cow and Zaphod... Virtual Memory #3 Oct. 10, 2018 Dave Eckhardt Dave O'Hallaron 1 L19_VM3 Synchronization Exam Thursday! 18:30 Doherty A302 Homework 1 due tonight! Not at midnight! 2 Synchronization
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCS 318 Principles of Operating Systems
CS 318 Principles of Operating Systems Fall 2018 Lecture 10: Virtual Memory II Ryan Huang Slides adapted from Geoff Voelker s lectures Administrivia Next Tuesday project hacking day No class My office
More informationCPS221 Lecture: Operating System Protection
Objectives CPS221 Lecture: Operating System Protection last revised 9/5/12 1. To explain the use of two CPU modes as the basis for protecting privileged instructions and memory 2. To introduce basic protection
More information? Resource. Announcements. Access control. Access control in operating systems. References. u Homework Due today. Next assignment out next week
Announcements Access control John Mitchell u Homework Due today. Next assignment out next week u Graders If interested in working as grader, send email to Anupam u Projects Combine some of the project
More informationCSE 153 Design of Operating Systems
CSE 153 Design of Operating Systems Winter 19 Lecture 3: OS model and Architectural Support Last time/today Historic evolution of Operating Systems (and computing!) Today: We start our journey in exploring
More information4 Lecture: Operating System Structures
4 Lecture: Operating System Structures Outline: nnouncements Two stories OS Pre-history: The boot process How it all begins (on an Intel PC with a floppy) How it continues nd onwards: How does the OS get
More informationWorkloads. CS 537 Lecture 16 File Systems Internals. Goals. Allocation Strategies. Michael Swift
Workloads CS 537 Lecture 16 File Systems Internals Michael Swift Motivation: Workloads influence design of file system File characteristics (measurements of UNIX and NT) Most files are small (about 8KB)
More informationInformation Security CS 526
Information Security CS 526 s Security Basics & Unix Access Control 1 Readings for This Lecture Wikipedia CPU modes System call Filesystem Permissions Other readings UNIX File and Directory Permissions
More informationOperating Systems. Spring Dongkun Shin, SKKU
Operating Systems Spring 2019 1 Syllabus Instructors: Dongkun Shin Office : Room 85470 E-mail : dongkun@skku.edu Office Hours: Tue. 15:00-17:30 or by appointment Lecture notes nyx.skku.ac.kr Courses Operation
More informationScheduling Mar. 19, 2018
15-410...Everything old is new again... Scheduling Mar. 19, 2018 Dave Eckhardt Brian Railing Roger Dannenberg 1 Outline Chapter 5 (or Chapter 7): Scheduling Scheduling-people/textbook terminology note
More informationDisciplina Sistemas de Computação
Aula 09 Disciplina Sistemas de Computação Operating System Roles (recall) OS as a Traffic Cop: Manages all resources Settles conflicting requests for resources Prevent errors and improper use of the computer
More informationScheduling, part 2. Don Porter CSE 506
Scheduling, part 2 Don Porter CSE 506 Logical Diagram Binary Memory Formats Allocators Threads Today s Lecture Switching System to CPU Calls RCU scheduling File System Networking Sync User Kernel Memory
More informationBeetle: Operating System Support for the Internet of Things
Beetle: Operating System Support for the Internet of Things Amit Levy, James Hong, Laurynas Riliskis, Philip Levis, David Mazières, and Keith Winstein The Internet of Things Ideal Future The Internet of
More informationCSC369 Lecture 2. Larry Zhang, September 21, 2015
CSC369 Lecture 2 Larry Zhang, September 21, 2015 1 Volunteer note-taker needed by accessibility service see announcement on Piazza for details 2 Change to office hour to resolve conflict with CSC373 lecture
More informationOperating system security
Operating system security Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 Outline Access control models in operating systems: 1. Unix 2. Windows Acknowledgements: This
More informationChapter 17: System Protection
Chapter 17: System Protection Chapter 17: System Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access Control Revocation of
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More information